class Mongo::Auth::X509::Conversation
Defines behavior around a single X.509 conversation between the client and server.
@since 2.0.0
Constants
- LOGIN
The login message.
@since 2.0.0
Attributes
@return [ Protocol::Message
] reply The current reply in the
conversation.
@return [ User
] user The user for the conversation.
Public Class Methods
Create the new conversation.
@example Create the new conversation.
Conversation.new(user, "admin")
@param [ Auth::User
] user The user to converse about.
@since 2.0.0
# File lib/mongo/auth/x509/conversation.rb, line 100 def initialize(user) @user = user end
Public Instance Methods
Finalize the X.509 conversation. This is meant to be iterated until the provided reply indicates the conversation is finished.
@example Finalize the conversation.
conversation.finalize(reply)
@param [ Protocol::Message
] reply The reply of the previous
message.
@param [ Server::Connection
] connection The connection being
authenticated.
@return [ Protocol::Query
] The next message to send.
@since 2.0.0
# File lib/mongo/auth/x509/conversation.rb, line 51 def finalize(reply, connection) validate!(reply, connection.server) end
Start the X.509 conversation. This returns the first message that needs to be sent to the server.
@param [ Server::Connection
] connection The connection being
authenticated.
@return [ Protocol::Query
] The first X.509 conversation message.
@since 2.0.0
# File lib/mongo/auth/x509/conversation.rb, line 64 def start(connection) login = LOGIN.merge(mechanism: X509::MECHANISM) login[:user] = user.name if user.name if connection && connection.features.op_msg_enabled? selector = login # The only valid database for X.509 authentication is $external. if user.auth_source != '$external' user_name_msg = if user.name " #{user.name}" else '' end raise Auth::InvalidConfiguration, "User#{user_name_msg} specifies auth source '#{user.auth_source}', but the only valid auth source for X.509 is '$external'" end selector[Protocol::Msg::DATABASE_IDENTIFIER] = '$external' cluster_time = connection.mongos? && connection.cluster_time selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time Protocol::Msg.new([], {}, selector) else Protocol::Query.new( Auth::EXTERNAL, Database::COMMAND, login, limit: -1 ) end end
Private Instance Methods
# File lib/mongo/auth/x509/conversation.rb, line 106 def validate!(reply, server) if reply.documents[0][Operation::Result::OK] != 1 raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server) end @reply = reply end